#!/bin/sh
# image-customize script to prepare a bots VM for cockpit-docker testing
set -eu

if grep -q ID.*debian /usr/lib/os-release; then
    # Debian does not enable user namespaces by default
    echo kernel.unprivileged_userns_clone = 1 > /etc/sysctl.d/00-local-userns.conf
    systemctl restart systemd-sysctl

    # disable services that get in the way of /var/lib/containers
    if systemctl is-enabled docker.service; then
        systemctl disable docker.service
    fi
fi

# don't force https:// (self-signed cert)
mkdir -p /etc/cockpit
printf "[WebService]\\nAllowUnencrypted=true\\n" > /etc/cockpit/cockpit.conf

if systemctl is-active -q firewalld.service; then
    firewall-cmd --add-service=cockpit --permanent
fi

. /usr/lib/os-release

# Remove extra images, tests assume our specific set
# Since 4.0 docker now ships the pause image
docker images --format '{{.Repository}}:{{.Tag}}' | grep -Ev 'localhost/test-|pause|cockpit/ws' | xargs -r docker rmi -f

# tests reset podman, save the images
mkdir -p /var/lib/test-images
for img in $(podman images --format '{{.Repository}}:{{.Tag}}'); do
    fname="$(echo "$img" | tr -dc '[a-zA-Z-]')"
    podman save -o "/var/lib/test-images/${fname}.tar" "$img"
done

# 15minutes after boot tmp files are removed and docker stores some tmp lock files
systemctl disable --now systemd-tmpfiles-clean.timer
systemctl --global disable systemd-tmpfiles-clean.timer
